Jump to content
Spydabee

Is it possible to tweak ROM code?

Recommended Posts

Hi,

 

I was wondering if it’s possible at all to tweak existing ROM code? Reason I ask is I’ve always wanted to play Klax on the Lynx, but find it almost impossible due to my R/G colourblindness making several of the tile variants extremely hard to differentiate.

 

Is it feasible to tweak the palette of the tiles? Or even to add patterns to some of them?
 

 

Share this post


Link to post
Share on other sites

Change ROM? Yes it is possible, but not that easy. Check out Carl's /Songbird's/ blog about hacking Quadromania Redux.

  • Like 1

Share this post


Link to post
Share on other sites

Link to the first article of this very instructive serie can be found here:

https://songbird-productions.com/2020/05/05/raiders-of-the-lost-rom-part-1/

 

Also, back to your specific problem @Spydabee, a palette tweak could do the trick. So the fix itself is fairly easy, just changing a few byte in the palette, the real problem is to identify where the palette is located in the rom. Could be a fun challenge for an asm expert.. so well not me in that case :)

  • Like 1

Share this post


Link to post
Share on other sites

given the vast numbers of patched ROM, this seems to be rather easy ;-))))

 

* Hot Dog (title picture replacement)

* Battlezone 2000 (enable Easter Egg game by default)

* Eye of The Beholder (change EEPROM save code)

* Alien vs Predator (enable Alien character, select level)

* Chips Challenge (replace levels)

* Lemmings (replace levels)

* Xenophobe (unlimited health)

 

  • Like 1

Share this post


Link to post
Share on other sites

but sure, you cannot change the ROM content of the cartridge, unless its on of the new flash cartridges.

but readout-modify-write to a new card does the trick.

  • Like 1

Share this post


Link to post
Share on other sites

Well, in memory the palette is located at 0x1c - 0x3b, the code that sets the palette can be analyzed setting a breakpoint at 0x0837.

 

The palette is set at startup and again every time you don't continue a lost game.

 

The colors are:

 

1728019698_KlaxPalette.thumb.png.f84ce2e6d98ab2e9e1e663d60d9472e4.png

 

can't find them in the cart, so could be hidden or compressed. Tracing the code should be possible to locate the data and change it. But I'm too tired.

  • Thanks 1

Share this post


Link to post
Share on other sites

Thanks so much for the responses so far! So - it seems like it is at least possible. Unfortunately, the extent of my coding experience was printing “Hello world” in BASIC about 40 years ago, so it’s not something I can realistically aspire to doing myself. I would be more than happy to donate a few bob towards such a project though if anyone’s up for having a crack at it...

Share this post


Link to post
Share on other sites

Actually the startup code sets the pointer at $0501 into ZP RAM at 001C

        lda     #$01                            ; 04D7 A9 01
        sta     $1C                             ; 04D9 85 1C
        lda     #$05                            ; 04DB A9 05
        sta     $1D                             ; 04DD 85 1D


 

There seems to be a fixed palette at this address:

        .byte   $00,$03,$09,$0F,$00,$00,$07,$0F ; 0501 00 03 09 0F 00 00 07 0F
        .byte   $00,$00,$0F,$00,$00,$06,$09,$0F ; 0509 00 00 0F 00 00 06 09 0F
        .byte   $00,$33,$99,$FF,$02,$FA,$00,$00 ; 0511 00 33 99 FF 02 FA 00 00
        .byte   $A0,$F0,$F0,$0A,$0F,$0B,$0E,$0F ; 0519 A0 F0 F0 0A 0F 0B 0E 0F


 

Later in the spot @Nop90 told there is really the code to set up the palette.

 

L0820:  php                                     ; 0820 08
        sei                                     ; 0821 78
        stx     DISPADRL                        ; 0822 8E 94 FD
        sta     DISPADRH                        ; 0825 8D 95 FD
        plp                                     ; 0828 28
        inc     L0846                           ; 0829 EE 46 08
        stz     $1E                             ; 082C 64 1E
        lda     $1F                             ; 082E A5 1F
        beq     L0840                           ; 0830 F0 0E
        phy                                     ; 0832 5A
        ldy     #$1F                            ; 0833 A0 1F
L0835:  lda     ($1C),y                         ; 0835 B1 1C
        sta     PALETTE,y                       ; 0837 99 A0 FD
        dey                                     ; 083A 88
        bpl     L0835                           ; 083B 10 F8
        stz     $1F                             ; 083D 64 1F
        ply                                     ; 083F 7A
L0840:  plx                                     ; 0840 FA
        pla                                     ; 0841 68
        rti                                     ; 0842 40

All this is found in the 2nd file on the Klax cart. The first byte is at address $04C7 in RAM and it seems to stay in this position permanently.

 

FILE002_RODATA        0004C7  00160A  001144  00001
FILE003_RODATA        00160C  004575  002F6A  00001
FILE043_RODATA        00160C  00A4F5  008EEA  00001
FILE004_RODATA        004576  0083B0  003E3B  00001
FILE005_RODATA        004576  00481A  0002A5  00001
FILE006_RODATA        004576  005434  000EBF  00001
FILE027_RODATA        004576  00B772  0071FD  00001
FILE028_RODATA        004576  007A0B  003496  00001
FILE029_RODATA        004576  00B913  00739E  00001
FILE030_RODATA        004576  00AAF3  00657E  00001
FILE036_RODATA        004576  005F9B  001A26  00001
FILE037_RODATA        004576  005A62  0014ED  00001
FILE038_RODATA        004576  0056F6  001181  00001
FILE039_RODATA        005F9C  008ACA  002B2F  00001
FILE040_RODATA        005F9C  0078BA  00191F  00001
FILE041_RODATA        005F9C  007E5D  001EC2  00001
FILE042_RODATA        005F9C  008D8F  002DF4  00001
FILE001_RODATA        008000  008766  000767  00001
FILE031_RODATA        0081DB  008E95  000CBB  00001
FILE032_RODATA        0081DB  0091B1  000FD7  00001
FILE033_RODATA        0081DB  009429  00124F  00001
FILE034_RODATA        0081DB  0099FC  001822  00001
FILE035_RODATA        0081DB  008EA3  000CC9  00001
FILE019_RODATA        00B9B2  00BBDE  00022D  00001
FILE020_RODATA        00B9B2  00BC1A  000269  00001
FILE021_RODATA        00B9B2  00BD05  000354  00001
FILE022_RODATA        00B9B2  00BE9E  0004ED  00001
FILE023_RODATA        00B9B2  00BE77  0004C6  00001
FILE024_RODATA        00B9B2  00BD14  000363  00001
FILE025_RODATA        00B9B2  00BF13  000562  00001
FILE026_RODATA        00B9B2  00C035  000684  00001
    __STARTOFDIRECTORY__: value = 474, type = export;
    __DIRECTORYSIZE__: value = 344, type = export;
    __F001_START__: value = 32768, type = export;
    __F001_SIZE__: value = 1895, type = export;
    __F002_START__: value = 1223, type = export;
    __F002_SIZE__: value = 4420, type = export;
    __F001_START__: value = 32768, type = export;
    __F001_SIZE__: value = 1895, type = export;
    __F002_START__: value = 1223, type = export;
    __F002_SIZE__: value = 4420, type = export;


So the 2nd file appears to start at 474+344+1895 bytes from the start of the ROM.
The interesting palette is then at $0501-$04C7 = $3A bytes (58) from the start of the file2.

 

So that is 2771 bytes from the start of the lnx cart. Feel free to modify it ;) 

 

0002768 4c 0c 16 00 03 09 0f 00 00 07 0f 00 00 0f 00 00
0002784 06 09 0f 00 33 99 ff 02 fa 00 00 a0 f0 f0 0a 0f
0002800 0b 0e 0f 20 ec 15 20 0b 15 a9 00 20 57 15 60 ad

Share this post


Link to post
Share on other sites

Yep. This means that it calculates a checksum by some algorithm and refuses to work if the data is altered.

Share this post


Link to post
Share on other sites

If you replace the first 474 bytes with this file then the checksum is gone...

huvu

 

And it works. I greenified it.

4479071_Screenshotfrom2020-09-2223-40-48.png.e5d82e295fd4fb8fb9d9b9a478c7cc5b.png

 

So as the comments said. It is not super hard to hack ROM's.

  • Like 1

Share this post


Link to post
Share on other sites

Yeah I suspected a CRC but I'm definitely dumb when it comes to low level stuff...

 

Anyway, Klax Green Slime looks really sweet guys :) Now just it's just a matter of making sure colors are different enough (original yellow and green are a killer for my eyes...)

Share this post


Link to post
Share on other sites
1 hour ago, LordKraken said:

Yeah I suspected a CRC but I'm definitely dumb when it comes to low level stuff...

 

Anyway, Klax Green Slime looks really sweet guys :) Now just it's just a matter of making sure colors are different enough (original yellow and green are a killer for my eyes...)

The yellow and green are the worst for me, too, along with the blue and purple(?).

I've been trying to find six colours (+white, which should be universally safe) that I can easily differentiate, and it’s not that easy. I’ve attached one possible set.

F119A004-6D8B-43D5-984D-26BCDE22BE72.jpeg

Edited by Spydabee

Share this post


Link to post
Share on other sites

The Klax palette is really a bit strange. To the right is my suggestion.

235427016_Screenshotfrom2020-09-2302-50-17.png.5c7f3960d9e8e860457cdaf362e0965a.png 950024302_Screenshotfrom2020-09-2303-09-04.png.3a06d4af7ba761358c0be4b86d81d374.png

 

Is there some colours on the right that are hard to see?

 

Here is a colour corrected version.

NewKlax.lnx

Share this post


Link to post
Share on other sites

There are a few which might cause problems for me, but they’re better than the originals, I think. I’ve grouped the ones which look fairly similar to me - group A would be the most difficult to tell apart - B and C are about equal*.


*I think I could learn to distinguish of both these groups with practice. Group C is probably fine, in fact.

 

CC3865C1-5232-41B9-90F1-F5B6278A8687.jpeg

Edited by Spydabee

Share this post


Link to post
Share on other sites

That is definitely better - what would be really helpful is to identify which 10 are used for the tiles (I thought it was a max of 7, but that’s because I’ve never got far enough to find out), and make sure that those are the most easily determined. The remaining 6 just need to make sense for the graphical context.

 

Share this post


Link to post
Share on other sites
1 hour ago, Spydabee said:

That is definitely better - what would be really helpful is to identify which 10 are used for the tiles (I thought it was a max of 7, but that’s because I’ve never got far enough to find out), and make sure that those are the most easily determined. The remaining 6 just need to make sense for the graphical context.

 

My guess is that the first 5 colours are not used for tiles.

 

If you really want to fine-tune this you can get a byte editor and change the colours.

 

The meaning of the colour palette bytes:

 

The 1st 16 values are the green components of the palette:

00 03 09 0F 00 00 07 0F 00 00 0F 00 00 06 09 0F

 

As you can see the higher number is always 0. The lower number goes from 0..F.

 

The next 16 values are the blue-red pairs of the palette:

00 33 99 FF 02 FA 00 00 A0 F0 F0 0A 0F 0B 0E 0F

 

So when you think about the palette the colours go like:

00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 - colour index

00 03 09 0F 00 00 07 0F 00 00 0F 00 00 06 09 0F - green
00 33 99 FF 02 FA 00 00 A0 F0 F0 0A 0F 0B 0E 0F - blue-red

 

index 08 has green=0, blue=A, red=0 so it is BLUE

index 09 has green=0, blue=F, red=0 so it is LIGHT BLUE

 

Happy tweaking colours.

Share this post


Link to post
Share on other sites
12 hours ago, karri said:

Really @sage

 

Did you already swap in Harry's loader and test that it works?

i just pressed the button "add new loader" in the gui.

Not sure if this was the one from Harry. i did this tools so long time ago.

  • Haha 1

Share this post


Link to post
Share on other sites
17 minutes ago, karri said:

Happy tweaking colours.

@Spydabee : You can try it in Handybug and tweak the colors directly in the HW registers (0xfda0..f for green, 0xfdb0..f for blue-red)

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...